@ini_set("error_reporting", E_ALL);
@ini_set("display_errors", TRUE);
//入侵过滤
$contaminated = (isset($_FILES['GLOBALS']) || isset($_REQUEST['GLOBALS'])) ? true : false;
$paramsToAvoid = array('GLOBALS', '_COOKIE', '_ENV', '_FILES', '_GET', '_POST', '_REQUEST', '_SERVER', '_SESSION', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS', 'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_POST_FILES', 'HTTP_RAW_POST_DATA', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS');
$paramsToAvoid[] = 'autoLoadConfig';
$paramsToAvoid[] = 'mosConfig_absolute_path';
$paramsToAvoid[] = 'hash';
$paramsToAvoid[] = 'main';
foreach($paramsToAvoid as $key) {
if (isset($_GET[$key]) || isset($_POST[$key]) || isset($_COOKIE[$key])) {
$contaminated = true;
break;
}
}
//参数检测
$paramsToCheck = array('main_page', 'cPath', 'products_id', 'language', 'currency', 'action', 'manufacturers_id', 'pID', 'pid', 'reviews_id', 'filter_id', 'zenid', 'sort', 'number_of_uploads', 'notify', 'page_holder', 'chapter', 'alpha_filter_id', 'typefilter', 'disp_order', 'id', 'key', 'music_genre_id', 'record_company_id', 'set_session_login', 'faq_item', 'edit', 'delete', 'search_in_description', 'dfrom', 'pfrom', 'dto', 'pto', 'inc_subcat', 'payment_error', 'order', 'gv_no', 'pos', 'addr', 'error', 'count', 'error_message', 'info_message', 'cID', 'page', 'credit_class_error_code');
if (!$contaminated) {
foreach($paramsToCheck as $key) {
if (isset($_GET[$key]) && !is_array($_GET[$key])) {
if (substr($_GET[$key], 0, 4) == 'http' || strstr($_GET[$key], '//')) {
$contaminated = true;
break;
}
if (isset($_GET[$key]) && strlen($_GET[$key]) > 43) {
$contaminated = true;
break;
}
}
}
}
unset($paramsToCheck, $paramsToAvoid, $key);
if ($contaminated)
{
header('HTTP/1.1 406 Not Acceptable');
exit(0);
}
unset($contaminated);
//安全代码结束
/* *** END OF INNOCULATION *** */
/**
* boolean used to see if we are in the admin script, obviously set to false here.
*/
define('IS_ADMIN_FLAG', false);
/**
* ����������ʾ
* Enter description here ...
* @var unknown_type
*/
define('STRICT_ERROR_REPORTING', FALSE);
/**
* integer saves the time at which the script started.
*/
define('PAGE_PARSE_START_TIME', microtime());
// define('DISPLAY_PAGE_PARSE_TIME', 'true');
@ini_set("arg_separator.output","&");
/**
* Set the local configuration parameters - mainly for developers
*载入自定义配置文件
*/
if (file_exists('includes/local/configure.php')) {
/**
* load any local(user created) configure file.
*/
include('includes/local/configure.php');
}
/**设置调试模式
* ����boolean if true the autoloader scripts will be parsed and their output shown. For debugging purposes only.
*/
define('DEBUG_AUTOLOAD', FALSE);
/**
* set the level of error reporting
*设置错误级别,如错误的显示是否提醒
* Note STRICT_ERROR_REPORTING should never be set to true on a production site.
* It is mainly there to show php warnings during testing/bug fixing phases.
*/
if (defined('STRICT_ERROR_REPORTING') && STRICT_ERROR_REPORTING == true) {
@ini_set('display_errors', TRUE);
error_reporting(version_compare(PHP_VERSION, 5.3, '>=') ? E_ALL & ~E_DEPRECATED & ~E_NOTICE : version_compare(PHP_VERSION, 5.4, '>=') ? E_ALL & ~E_DEPRECATED & ~E_NOTICE & ~E_STRICT : E_ALL & ~E_NOTICE);
} else {
error_reporting(0);
}
/*magic-quotes模块检测
* turn off magic-quotes support, for both runtime and sybase, as both will cause problems if enabled
*/
if (version_compare(PHP_VERSION, 5.3, '<') && function_exists('set_magic_quotes_runtime')) set_magic_quotes_runtime(0);
if (version_compare(PHP_VERSION, 5.4, '<') && @ini_get('magic_quotes_sybase') != 0) @ini_set('magic_quotes_sybase', 0);
/**
* check for and include load application parameters
*/
if (file_exists('includes/configure.php')) {
/**载入配置文件
* load the main configure file.
*/
include('includes/configure.php');
} else {
$problemString = 'includes/configure.php not found';
require('includes/templates/template_default/templates/tpl_zc_install_suggested_default.php');
exit;
}
/**检测是否安装,如无就跳到安装页
* if main configure file doesn't contain valid info (ie: is dummy or doesn't match filestructure, display assistance page to suggest running the installer)
*/
if (!defined('DIR_FS_CATALOG') || !is_dir(DIR_FS_CATALOG.'/includes/classes')) {
$problemString = 'includes/configure.php file contents invalid. ie: DIR_FS_CATALOG not valid or not set';
require('includes/templates/template_default/templates/tpl_zc_install_suggested_default.php');
exit;
}
/**载入extra_configures下的额外配置文件
* include the list of extra configure files
*/
if ($za_dir = @dir(DIR_WS_INCLUDES . 'extra_configures')) {
while ($zv_file = $za_dir->read()) {
if (preg_match('/\.php$/', $zv_file) > 0) {
/**
* load any user/contribution specific configuration files.
*/
include(DIR_WS_INCLUDES . 'extra_configures/' . $zv_file);
}
}
$za_dir->close();
unset($za_dir);
}
/**
* 自定义config,模板没前最
* Enter description here ...
* @var unknown_type
*/
$autoLoadConfig = array();
if (isset($loaderPrefix)) {
$loaderPrefix = preg_replace('/[^a-z_]/', '', $loaderPrefix);
} else {
$loaderPrefix = 'config';
}
$loader_file = $loaderPrefix . '.core.php';
// 加载initsystem.php文件,这个文件会进入includes/auto_loaders目录加载config.core.php,然后再加载 config.*.php文件,
//可以重载,这个文件完成后得到一个资源列表填入$autoLoadConfig数组
require('includes/initsystem.php');
/**
* determine install status判断是否已经安装
*/
if (( (!file_exists('includes/configure.php') && !file_exists('includes/local/configure.php')) ) || (DB_TYPE == '') || (!file_exists('includes/classes/db/' .DB_TYPE . '/query_factory.php')) || !file_exists('includes/autoload_func.php')) {
$problemString = 'includes/configure.php file empty or file not found, OR wrong DB_TYPE set, OR cannot find includes/autoload_func.php which suggests paths are wrong or files were not uploaded correctly';
require('includes/templates/template_default/templates/tpl_zc_install_suggested_default.php');
header('location: zc_install/index.php');
exit;
}
/**实现将$autoLoadConfig数组加载,实现所有的资源初始化
* load the autoloader interpreter code.
*/
require('includes/autoload_func.php');
/**
* load the counter code计数器
**/
if ($spider_flag == false) {
// counter and counter history
require(DIR_WS_INCLUDES . 'counter.php');
}
// get customers unique IP that paypal does not touch获取访客ip
$customers_ip_address = $_SERVER['REMOTE_ADDR'];
if (!isset($_SESSION['customers_ip_address'])) {
$_SESSION['customers_ip_address'] = $customers_ip_address;
}正文完
